author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-16 09:13:25 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-16 09:13:25 +0400 |
commit | 0d63885e9fc432eec6de3256123d7839fdaf37af (patch) | |
tree | d0b6a4f15ed6ff4b7e89e407124e937b8c2ffeb7 /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | |
parent | 992abcbfa5b7d03cda1bbdafbc792146473601c1 (diff) |
Track whether or not a certificate_status message is allowed
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index 73922a49..783fb26b 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -146,9 +146,20 @@ public class DTLSServerProtocol
 handshake.sendMessage(HandshakeType.certificate, certificateBody);
 }
- if (serverCertificate != null && !serverCertificate.isEmpty())
+ // TODO[RFC 3546] Check whether empty certificates is possible, allowed, or excludes CertificateStatus
+ if (serverCertificate == null || serverCertificate.isEmpty())
+ {
+ state.allowCertificateStatus = false;
+ }
+
+ if (state.allowCertificateStatus)
 {
 // TODO[RFC 3546] Get certificate status, if any, and send
+ CertificateStatus certificateStatus = null; //tlsServer.getCertificateStatus();
+ if (certificateStatus != null)
+ {
+// sendCertificateStatusMessage(certificateStatus);
+ }
 }
 byte[] serverKeyExchange = state.keyExchange.generateServerKeyExchange();
@@ -376,7 +387,10 @@ public class DTLSServerProtocol
 if (state.serverExtensions != null)
 {
+ // TODO[RFC 3546] Should this code check that the 'extension_data' is empty?
+ state.allowCertificateStatus = state.serverExtensions.containsKey(TlsExtensionsUtils.EXT_status_request);
 state.expectSessionTicket = state.serverExtensions.containsKey(TlsProtocol.EXT_SessionTicket);
+
 TlsProtocol.writeExtensions(buf, state.serverExtensions);
 }
@@ -617,6 +631,7 @@ public class DTLSServerProtocol
 int selectedCipherSuite = -1;
 short selectedCompressionMethod = -1;
 boolean secure_renegotiation = false;
+ boolean allowCertificateStatus = false;
 boolean expectSessionTicket = false;
 Hashtable serverExtensions = null;
 TlsKeyExchange keyExchange = null; |
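Review bot: Inside the new `if (state.allowCertificateStatus)` block, `certificateStatus` is initialised to `null` and the only call that would use it is commented out, so the branch can never send a message and the inner test is always false. Until the TlsServer hook exists I would keep only a comment there, for example `// TODO[RFC 3546] Obtain the status from the TlsServer and send it here, directly after Certificate`, rather than commented-out calls that look like half-enabled behaviour. Clearing the flag when the certificate is null or empty is the conservative choice; saying so in the first TODO would make it clear the open question is about relaxing the rule, not about a missing guard. The enclosing method starts and ends outside the hunk.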
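Review bot: In the second hunk `state.allowCertificateStatus` is derived only from the extensions the server is about to write, so it becomes true whenever the TlsServer implementation returned `status_request`; nothing visible here confirms that the ClientHello actually offered that extension. A server may only echo extensions the client sent, so if that is not enforced where `serverExtensions` is obtained (outside this hunk), the flag can be set for a handshake in which a certificate_status message would be unsolicited. I would either add that check next to the assignment or record the assumption, e.g. `// assumes serverExtensions was already restricted to extensions the client offered`. The TODO about an empty `extension_data` is the same kind of validation and would be better enforced than left as a question.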